Businesses turn to their insurance companies when they’re in trouble. But, where do insurance companies turn when they need to be indemnified? Other insurance companies.
The highly-regulated insurance industry has the same risk management and coverage needs as other financial institutions.
Think about a denied claim, for example. Businesses or individual insureds may accuse the insurance company of mishandling their claim, or sue the insurer for denying their claim.
What about a cyber breach? When an insurance company is the victim of a data breach, not only are their employees’ identities at risk, but all of their insureds’ identities may be manipulated as well. Cyber breaches can easily snowball into a Directors and Officers (D&O) claim, i.e. shareholders can claim the CEO should have had a stronger anti-cyber breach plan in place, etc.
For these reasons and more, insurance companies need insurance policies such as D&O, Errors and Omissions (E&O), and Cyber insurance, in addition to the standard Property & Casualty lines such as Property, General Liability, Auto Liability and Workers’ Compensation (WC).
Like any other financial institution, insurance companies will want to conduct both an enterprise risk management assessment and a business impact analysis to determine necessary coverage limits and desired features.
Enterprise risk management assessment. This assessment is based on the information gathered during interviews with the insurance company’s C-suite to determine potential risks and liabilities. From this information, a heat map of risk is created to lay over the business’ divisions and units to prioritize and understand “hot spots” related to the total organizational risk.
Business impact analysis. The business impact analysis will focus on the insurance company’s cyber risk and the potential impact a breach would have on the business. The analysis will ask for information on what is being done to reduce cyber-related exposures and it will test the company’s security plans.
Beyond evaluating the insurance company’s total risk, there are a number of other actionable tasks insurance companies can engage in to procure the best possible coverage at the best possible price.
- Conduct tabletop exercises. A tabletop exercise tests existing company protocol by simulating a real event. The event can be a physical disaster, such as a fire, earthquake or flood or a cyber-attack or breach. The goal is to determine how well and quickly employees and 3rd party vendors respond. Post-exercise, the company reviews their actions and discusses how things could have been handled better. These scenarios should be organization-specific and can be led by your HR team, broker or a 3rd party specialist.
- Train employees on risk management best practices. From phishing scams to disgruntled customers, proactive training on best practices to avoid claims is essential to keeping coverage cost increases at bay. This is important to note for risks that cannot be transferred and/or risks that are strategically self-insured.
- Develop your company narrative. No one knows your business better than you and communicating the details of your approach to risk management is critical. Whatever your business is doing to reduce claims, be sure that information is conveyed to your carrier. The more you can demonstrate proactive steps to avoid claims in the first place, the better.
Contact your HUB Financial Services insurance expert for more information on securing the right insurance coverage for your insurance business. Additionally, you can also learn more about E&O insurance here!